<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html [
  <!ENTITY % htmlDTD PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
  %htmlDTD;
  <!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd">
  %globalDTD;
  <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
  %brandDTD;
]>

<!-- ***** BEGIN LICENSE BLOCK *****
  -
  - Copyright 2009 Sid Stamm <sid@sidstamm.com>
  -
  - Licensed under the Apache License, Version 2.0 (the "License");
  - you may not use this file except in compliance with the License.
  - You may obtain a copy of the License at
  -
  -     http://www.apache.org/licenses/LICENSE-2.0
  -
  - Unless required by applicable law or agreed to in writing, software
  - distributed under the License is distributed on an "AS IS" BASIS,
  - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  - See the License for the specific language governing permissions and
  - limitations under the License.
  -
  - Author:
  - Sid Stamm <sid@sidstamm.com>
  -
  - ***** END LICENSE BLOCK ***** -->

<html xmlns="http://www.w3.org/1999/xhtml" class="blacklist">
  <head>
    <link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all" />
    <link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/blacklist_favicon.png"/>

    <script type="application/javascript"><![CDATA[
      // Error url MUST be formatted like this:
      //   about:certlocked?oo=old_origin&no=new_origin&u=url
      
      // Note that this file uses document.documentURI to get
      // the URL (with the format from above). This is because
      // document.location.href gets the current URI off the docshell,
      // which is the URL displayed in the location bar, i.e.
      // the URI that the user attempted to load.

      function getOldOrigin()
      {
        var url = document.documentURI;
        var oldOrigin = url.search(/oo\=/);
        var newOrigin = url.search(/\&no\=/);
        return decodeURIComponent(url.slice(oldOrigin + 3, newOrigin));
      }

      function getNewOrigin()
      {
        var url = document.documentURI;
        var newOrigin = url.search(/no\=/);
        var urlSpot = url.search(/\&u\=/);
        return decodeURIComponent(url.slice(newOrigin + 3, urlSpot));
      }

      function getURL()
      {
        var url = document.documentURI;
        var index = url.search(/u\=/);

        // index == -1 if not found; if so, return an empty string
        // instead of what would turn out to be portions of the URI
        if (index == -1)
          return "";

        return decodeURIComponent(url.slice(index + 2));
      }
      
      /**
       * Attempt to parse the result of getURL and extract a hostname.  Fail back
       * to getURL so that we always return something meaningful.
       */
      function getHostString()
      {
        //return document.location.hostname;
        return getURL();
      }
      
      function initPage()
      {
        // Set sitename
        document.getElementById("sitename").textContent = getHostString();
        document.title = document.getElementById("errorTitleText")
                                 .innerHTML;

        // set origin names
        document.getElementById("old_origin").textContent = getOldOrigin();
        document.getElementById("new_origin").textContent = getNewOrigin();
      }
      
    ]]></script>
    <style type="text/css">
      /* Style warning button to look like a small text link in the
         bottom right. This is preferable to just using a text link
         since there is already a mechanism in browser.js for trapping
         oncommand events from unprivileged chrome pages (BrowserOnCommand).*/
      #ignoreWarningButton {
        -moz-appearance: none;
        background: transparent;
        border: none;
        color: white;  /* Hard coded because netError.css forces this page's background to dark red */
        text-decoration: underline;
        margin: 0;
        padding: 0;
        position: relative;
        top: 23px;
        left: 20px;
        font-size: smaller;
      }
      
      #ignoreWarning {
        text-align: right;
      }
    </style>
  </head>

  <body dir="&locale.dir;">
    <div id="errorPageContainer">
    
      <!-- Error Title -->
      <div id="errorTitle">
        <h1 id="errorTitleText">Certificate Lock Error</h1>
      </div>
      
      <div id="errorLongContent">
      
        <!-- Short Description -->
        <div id="errorShortDesc">
          <p id="errorShortDescText">Certificate Lock Error: Possible Man-In-The-Middle Attack in progress on <span id="sitename">??</span></p>
        </div>

        <!-- Long Description -->
        <div id="errorLongDesc">
          <p id="errorLongDescText">This web page requested that its
          connection be "Certificate Locked", meaning it did not want the
          country of origin for the SSL certificate to change.  The site is
          locked into the country <tt>"<span id="old_origin">??</span></tt>" and the site was
          served with a certificate issued by <tt>"<span id="new_origin">??</span></tt>".</p>
          
          <p>This has changed since the last access of the site, so it is not being
          displayed.</p>
        </div>
        
        <!-- Action buttons -->
        <div id="buttons">
          <!-- Commands handled in browser.js -->
          <xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
                      id="getMeOutButton" label="Get me out of here!"/>
        </div>
      </div>
      <div id="ignoreWarning">
        <xul:button xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
                    id="ignoreWarningButton" label="Continue to site (Accept new cert)"/>
    <!--
      - TODO: Add override code that updates the database!
      -->
      </div>
    </div>
    <!--
    - Note: It is important to run the script this way, instead of using
    - an onload handler. This is because error pages are loaded as
    - LOAD_BACKGROUND, which means that onload handlers will not be executed.
    -->
    <script type="application/javascript">initPage();</script>
  </body>
</html>
